“China accused by US
and allies of ‘massive hacking campaign to steal trade secrets and
technologies’” – South China Morning Post

These are just some of the headlines pulled from various publications during December 2018, all linking China and trade secret theft together.

A challenging situation:

One clearly has to acknowledge the challenging situation
faced by many foreign companies in China with respect to trade secrets and
their misappropriation.

This paper will briefly explain trade secrets before then
describing the various scenarios in which foreign companies may find
themselves. We suggest that some of the scenarios described are clear examples
of trade secret theft but others less so, if not at all.

This paper also explores some recently published US reports
about the problem of trade secret theft in China.

Findings by the U.S. Trade
Representative under Section 301 of the Trade Act of 1974, published 22 March
2018, and then updated on 20 November 2018

US Department of Justice
report to Congress pursuant to the Defend Trade Secrets Act, published 19
October 2018

This paper then concludes with some guidance on what foreign
companies should do in order to better protect themselves.

Trade Secrets:

Let’s start with the basics. A trade secret is any
information that:

is secret.

has value.

is reasonably protected.

Broadly speaking, any confidential business information
which provides an enterprise a competitive edge may be considered a trade
secret.

Contrary to popular belief — especially among business
owners — trade secrets are not only found in top secret, highly-secure research
labs. Rather, almost every business possesses trade secrets, regardless of the
size and industry focus of the business.

Growing importance of
trade secrets:

Trade secrets are clearly growing in importance. First, the
law is changing:

The Defend Trade Secrets
Act was passed in the USA in May 2016.

The EU Directive on Trade
Secrets will be enacted by member states on June 9, 2018.

China explicitly included
trade secrets in its 2018 revisions to the Anti Unfair Competition Law.

Second, changes in eligibility requirements and enforcement
mechanisms in patent laws around the world, but especially those in the Unites
States — and especially as they relate to software and business methods — make
trade secrets an attractive mechanism to protect a company’s competitive
advantages.

Third, with the increased use of cloud-based and
licensing-based business models, across multiple industries, many businesses
prefer a “black box” approach to the company’s technology more suitable to
trade secrets than the disclosure-in-exchange-for-limited-monopoly approach of
patents.

Fourth, cyber-criminals — whether competitors or State
actors — are working overtime trying to steal trade secrets from organizations.

Fifth, more and more companies are embracing open and outsourced
innovation models, which necessarily requires sharing and collaborating on
trade secrets with others.

Sixth, changes in employment models are leading to a highly
mobile and transitory workforce where companies now have increased risk that
their employees will walk out the door with their valuable trade secrets.

Seventh, there is growing interest in trade secrets by the
tax authorities:

Much of the EU’s Anti Tax
Avoidance Directive (ATAD) enacted on 1 January 2019 relates to intangibles
including trade secrets

Patent Box Tax Regimes in a
number of jurisdictions are now allowing trade secrets as qualifying IP.

The US Government is
encouraging US companies to repatriate their IP back to the US by lowering tax
rates for royalties received from all forms of IP to be materially less than
the rate on ordinary corporate income.

Eighth, trade wars are linked by some to trade secret theft
concerns.

Last, but not least, we are seeing increased trade secret
litigation especially for US companies, but not exclusively so.

China and trade
secrets:

It is almost impossible to discuss trade secrets without
making mention of China and the alleged theft of trade secrets by Chinese
entities. However, there is no ‘one size fits all’ when it comes to China and
trade secret theft. It is also the case that not all incidents related to China
and trade secrets qualify as trade secret theft.

Case A:

Let’s take the example of a US multi-national enterprise (MNE)
with some business operations in China. A local Chinese employee of that MNE
leaves the company with know-how in their head and joins say a local Chinese
company operating in the same sector. The ex-employee now leverages that
know-how in his work for that local Chinese company.

This is an employee agreement issue as such and very depends
on the ‘non-compete’ provisions in the person’s employment agreement.

China’s labour laws allow an employer and an employee to enter
into a non-compete agreement or agree on a set of non-compete provisions
(usually in the employment agreement or a confidentiality agreement) that
prohibits the employee from competing with the employer for up to two years
after the employment term.

China employee non-compete agreements are generally limited
to senior management, senior technicians and other personnel who have a
confidentiality obligation.

In exchange for an employee’s promise to uphold a
non-compete requirement, the employer is required to pay economic compensation
to the employee. An employer’s failure to pay the non-compete compensation
means the employee can stop abiding by the non-compete provisions.

It is also worthwhile noting that non-compete agreements are
generally disliked by China’s administrative and judicial authorities. That
statement is probably true for many jurisdictions.

It should be noted that this example of an employee leaving
with know-how in their head is not unique to China. This happens in almost all
jurisdictions and in almost all industry sectors.

Case B:

Let’s take the example of a US multi-national enterprise
(MNE) with some business operations in China. A local Chinese employee of that
MNE steals documented trade secrets belonging to that US MNE and provides such
documentation to a local Chinese company (possibly competing with the MNE).

This is clearly trade secret theft so long as the
information is indeed a trade secret, the employee did indeed steal the
information, and there was damage to the company as a result of the theft.

It should be noted that China’s rules defining and
regulating trade secrets are scattered among a series of laws and regulations.
The most important of these however is the Anti-Unfair Competition Law which
was enhanced in January 2018.

The key changes to the Chinese Anti Unfair Competition Law are as follows:

The definition of a trade
secret has been simplified to now be ‘commercial secrets of sufficient
commercial value’ (and more in line with the definition of trade secrets in the
US and in Europe)

The fines have been
increased from CNY 200,000 to CNY 3,000,000.

The law has been expanded
in that 3rd parties with actual or constructive knowledge of the theft of a
trade secret could also now violate the law.

It should be noted that this example of an employee stealing
trade secrets from their employer and making it available to competitors is not
unique to China, but it does appear much more systematic there.

Case C:

Let’s take the example of a US multi-national enterprise
(MNE) with some business operations in China. A local Chinese employee resigns
from the MNE to join a competing local Chinese company taking some documented
trade secrets with him on exit.

Just like Case B above, this is clearly trade secret theft
so long as the information is indeed a trade secret, the employee did indeed
steal the information, and there was damage to the company as a result of the
theft.

It should be noted that this example of an employee stealing
some trade secrets on their last days of employment is certainly not unique to
China. This happens in almost all jurisdictions and in almost all industry
sectors. A significant number of departing employees spend their last few hours
in the company downloading information onto USB memory sticks or uploading
information to the cloud for them to access later.

Case D:

Let’s take the example of a US based MNE cyber attacked and
hacked by Chinese state sponsored hackers and having some of its trade secrets
stolen.

The cyber criminals leverage a variety of different
approaches and techniques to identify the vulnerabilities in the IT network of
the company and then attack.

The cyber criminals may leverage backdoors into the IT
network. They may try a denial-of-service attack or even a direct-access
attack. They may try eavesdropping, spoofing, and even tampering directly with
the IT network of the company. The cyber criminals may use privilege
escalation, phishing, clickjacking or social engineering techniques. In some
cases, they create a false environment of stealing non-pertinent data,
diverting the attention of incident responders only to exfiltrate trade secret
data residing elsewhere on the network. Regardless of what, where and how they
attack, they are after the trade secrets of the company.

Although clearly trade secret theft, bringing the culprits
to justice is easier said than done.

It should be noted that this example of state sponsored
hacking to steal corporate trade secrets is not unique to China. Yes, a
significant number of nation-state cyber-attackers are indeed Chinese, but many
other countries are also involved such as Russia, North Korea and Iran
according to cyber security experts. However, one would have to be very naive
to think that many western governments are not also involved.

Case E:

Let’s take the example of a US based MNE operating in China
and working in partnership with a local Chinese company and willingly sharing
some trade secrets with that local Chinese company.

When English poet John Donne wrote his famous line “No man
is an island,” almost 400 years ago, in many ways he was forecasting the future
of business as it operates today. No company is an island. It will interact
with others.

In most if not all of these business relationships listed
above, the companies involved will pass trade secrets back and forth.

A legal framework of some sort is usually put in place
between the parties, with the first step usually being the signing of a
Non-Disclosure Agreement (NDA). This is a relatively simple legal agreement
between a company and a counter-party of that company to exchange information,
for the purpose of a project, marketing campaign, R&D or sourcing, etc.
Examples of information which can be protected by a NDA are business proposals,
financial data, new ideas, etc. Under an NDA, the signer promises the recipient
that he will not disclose certain information to any third parties, except
under circumstances described within that contract.

Although NDAs are specifically mentioned here, this legal
framework may include a Memorandum of Understanding, a Development Agreement, a
Commercial Agreement and more.

Ideally, whatever legal framework is put in place should
contain details of the standard by which the parties involved will handle the
disclosed trade secrets provided to them by the other party. However, this is an
aspect that is often overlooked by many companies.

This case described above is not trade secret theft. It could
possibly qualify as trade secret theft if the local Chinese company exploits
the trade secrets shared by the US based MNE in ways not permitted according to
the provisions of the legal framework between the two companies.

Case F:

Let’s take the example of a US based MNE operating in China
and working in partnership with a local Chinese company but reluctantly sharing
some trade secrets with that local Chinese company as part of the agreement
they signed to allow them to operate in China and access the Chinese market.

Beijing is promising new measures to protect foreign
companies operating in China.

On 23 December 2018, the Chinese Government submitted a
draft of a new law to the Standing Committee of the National People’s Congress,
the country’s parliament, highlighting provisions aimed at better protecting
foreign companies’ intellectual property.

The proposed foreign investment law would prohibit forced
technology transfer from foreign firms to their Chinese partners.

We would argue that this example is not trade secret theft
as such. If the US company signed an agreement in order to operate in China,
and part of that agreement involved the transfer of some trade secrets to that
local Chinese company, then presently, that is the price of doing business in
China for that US entity.

However, this example is not unique to China. We know of non-US
companies feeling the same type of pressure when entering the US market and
dealing with US based MNEs. A European SME operating in the food & beverage
sector is currently under pressure from a major US retailer to share some of
its trade secrets with an existing US based supplier of that retailer as part
of the deal to do business with that major US retailer.

Case G:

Let’s take the example of a US based MNE operating in China,
and audited by the Chinese authorities, and concerned that trade secrets are
being misappropriated during such audits.

Some claim that Chinese tactics include the dispatching of antitrust
and other investigators into foreign companies to attempt to gather their trade
secrets. Some claim that China fills regulatory panels with experts who may
pass trade secrets found onto Chinese competitors. It is true that regulatory
panels do scrutinize foreign investments to make sure they meet Chinese government
goals.

The challenge here is that there are some exceptions built
into trade secret laws, and such exceptions are not unique to China. The
Directive on Trade Secrets enacted in June 2018 across the EU for example does
not alter the current legal obligations on companies to divulge certain information.

Companies are subject to legal obligations to disclose
information of public interest, for example, in the chemical and pharmaceutical
sectors. The EU Directive on Trade Secrets also does not provide any grounds
for companies to hide information that they are obliged to submit to regulatory
authorities.

Of course, if the auditors or regulators are stealing trade
secrets to then pass onto Chinese competitors, then such behavior is clearly
trade secret misappropriation.

Case H:

Let’s take the example of a US based MNE with products on
sale in China, and competing Chinese companies reverse engineering their
products.

Trade secrets are not protected against a 3rd
party independently duplicating and using the secret information once it is
discovered, such as through reverse engineering.

Yes, that 3rd party may have to avoid patent or
trademark infringement, but the 3rd party in this case does not have
to concern itself with trade secret misappropriation.

The US perspective:

A number of detailed investigations have been conducted recently
by the US into this challenging situation in China.

The US Department of Justice report to Congress pursuant to
the Defend Trade Secrets Act contains a number of key sections …

A description of the nature
and scope of the existing challenges to trade secret owners doing business
overseas,

The legal landscape of U.S.
trading partners in protecting trade secrets through civil and criminal legal
structures,

The U.S. government’s
response to the theft of trade secrets through investigation and prosecution,
with particular focus on the efforts of the Federal Bureau of Investigation and Department of
Justice prosecutors responsible for addressing intellectual property crime,

The U.S. government’s
response through engagement with victims, industry, and foreign counterparts to
increase awareness and effective trade secret protection overseas.

The key finding highlighted in the report is that the threat
of trade secret theft to U.S. corporations conducting business internationally
is a well-recognized and extensively documented phenomenon. The report identifies trade secret theft as
one of the key challenges in the protection and enforcement of intellectual
property rights among U.S. trading partners, a problem that places highly
valuable U.S. trade secrets at unnecessary risk.

Section 301 of the Trade Act of 1974 is a key US enforcement
tool that may be used to address a wide variety of unfair acts, policies, and
practices of U.S. trading partners.
Section 301 sets out three categories of acts, policies, or practices of
a foreign country that are potentially actionable:

• Trade
agreement violations;

• Acts,
policies or practices that are unjustifiable (defined as those that are inconsistent
with U.S. international legal rights) and that burden or restrict U.S.
Commerce;

• Acts,
policies or practices that are unreasonable or discriminatory and that burden
or restrict U.S. Commerce.

The key sections of the U.S. Trade Representative report
under Section 301 of the Trade Act of 1974, and published on 22 March 2018 with
an update on 22 November 2018 are as follows …

The first section of this report focused on how China uses
inbound foreign ownership restrictions, such as joint venture (JV) requirements
and foreign equity limitations, and the administrative licensing and approvals
process to require or pressure the transfer of technology, including trade
secrets.

The second section of this report addresses China’s acts,
policies, and practices depriving U.S. companies of the ability to set
market-based, mutually-desirable terms in licensing and other
technology-related negotiations with Chinese companies. It also details how China also intervenes in
U.S. firms’ investments and related activities in China through restrictions on
their technology licensing, including trade secret licensing.

The third section of this report explores China’s technology
focused foreign investments, particularly in the United States and Europe, and
the various motives driving such behavior. Over the past decade, China’s
outbound foreign direct investment (OFDI) has grown rapidly. A longstanding
focus of China’s OFDI has been the acquisition of mineral deposits and other
natural resource assets, principally in developing regions such as Africa and
Latin America. Yet, as China’s OFDI flows have increased, technology-focused
investments have become more prevalent.

The fourth section of this report looks at the Chinese
government and its cyber intrusions into U.S. commercial networks targeting
confidential business information held by U.S. firms. Through these cyber intrusions, China’s
government has gained unauthorized access to a wide range of
commercially-valuable business information, including trade secrets.

It should be noted
that the US Department of Justice report is not specific to China, whereas the
US Trade Representative report is. That said, the US Department of Justice
report is specific to trade secret misappropriation whereas the US Trade
Representative report is not.

Getting the basics
right:

Companies need to take trade secret asset management
seriously, but especially so if they are doing business in China. Unfortunately,
many companies are poor when it comes to trade secret asset management.

Executives from companies of all types acknowledge the
importance of trade secrets to their businesses while privately admitting that
their company has no idea how many trade secrets they have, which ones are
important, or how any of them are protected. The same executives will also
sheepishly admit that they have no idea how many trade secrets their company
has received from third parties in various business ventures, how adequately
their company protects them, or if they even bother to return or destroy them once
the collaboration ends.

• Trade
secrets are poorly managed

•
Education is not happening

• There is
a lack of ownership

•
Documentation is poor.

•
Protection mechanisms are poor or non-existent.

• There is
a lack of any classification of such assets.

• Details
on whether trade secrets have been shared is often missing

• Trade
secrets not properly addressed in agreements & contracts

• There is
no information sharing between the legal / IP function and the Accounts / Tax
function

• There is
no audit trail.

Nearly everyone acknowledges the importance of trade secrets
while doing very little to protect them or even making a simple list. It’s like
knowing you have a Rembrandt in your attic and not bothering to have it
appraised, insured, or even protected from rodents and birds.

Good practice:

Those exceptional companies who have this mastered tend to
have the following things in place

Education of employees
about trade secrets

A robust trade secret policy

Fit for purpose trade secret
process & procedures

A system to underpin that process

Good quality trade secret metadata

Trade secret governance

The importance of education of employees about trade secrets
cannot be stated enough. It is a self-enlightening process. It is crucial to
the overall development of the individual participant and the company or
organization at large. Trade secret education provides the participant with knowledge
about the world of trade secrets and enables informed decisions to be made.

A corporate trade secret policy is a formal declaration of
the guiding principles and procedures by which the organization will operate,
typically established by its board of directors, a senior management policy
committee or by the Legal / IP function within the organization

A trade secret process can be seen as an agreement to do
certain things in a certain way and the larger the organization, the greater
the need for agreements on ways of working. The trade secret process is like
the memory of the organization, and without such a process, a lot of effort can
be wasted, and the same mistakes can be repeated.

If a company only has one or two trade secrets, then they
probably do not require any trade secret asset management system. However, if
the number of trade secrets in a company is more than a handful; if they are
sharing their trade secrets with others; if other entities are entrusting their
trade secrets to the company; if the company has any direct or indirect links
with entities in the US (given the growing issue with trade secret litigation
there); if the company has trade secrets located across diverse EU member
states (given the EU Directive on Trade Secrets being enacted in June 2018), if
the company is doing any business in China (for the reasons outlined in this paper); and/or if
the company is conducting any IP due diligence exercises due to some corporate
event (e.g. M&A, JV, Investment Round, etc.), then a trade secret asset
management system is absolutely required.

Metadata is a set of data that describes and gives
information about other data. Metadata is simply data that describes other
data. Meta is a prefix that in most information technology usages means ‘an
underlying definition or description’. Some mistakenly believe that because
trade secrets are not registered, then the concept of trade secret metadata may
not apply. Others mistakenly believe that because trade secrets are meant to be
kept secret, then no metadata should exist.

Governance is the act of governing. It relates to decisions
that define expectations, grant power, or verify performance. In the case of a
business, governance relates to consistent management, cohesive policies,
proper guidance, well defined processes, KPIs and metrics, and decision-rights
for a given area of responsibility. Trade secret governance is simply about
defining the ‘rules’ for those involved in trade secret asset management within
the organization.

The first and last items listed, namely education and
governance, are like book-ends keeping everything else in order.

We would argue that trade secret metadata is key. Without
trade secret data, you have no trade secret information. Without trade secret
information, you have no trade secret knowledge.